ryanking999 - stock.adobe.com
The cost of the October 2020 Pysa ransomware attack on the systems of Hackney Council in London continues to mount, with the local authority spending £12.2m during the past financial year (2021-22).
The figures were disclosed to community newspaper The Hackney Citizen during an annual inspection of the council’s accounts, and are understood to include £444,000 spent on IT consultancy, £152,000 recovering its Mosaic systems and £572,000 on its housing register.
The attack, which came to light on 13 October 2020, saw threat actors access Hackney Council’s systems by targeting legacy on-premise servers that the victim had not yet migrated into the cloud.
It caused long-lasting disruption to public services across Hackney, with impacts on benefits claims and housing particularly damaging. In some instances, it is understood staff were continuing to work with pen and paper as recently as January 2022, and the newspaper reported that some systems relating to housing benefit and the housing register are still not properly operational.
Some months after the attack, the operators of the Pysa ransomware leaked data purported to have been stolen during the incident, which analysts found to include personally identifiable information including, but not limited to, passport data, scans of tenancy audit documents for public housing tenants, staff data and information on community safety.
The council has followed best practice in regard to ransomware attacks, standing firm against its attackers and refusing to pay a ransom, but has faced questions following its refusal to publicly release a report on the incident produced by auditors Mazars, citing exemptions under law covering information relating to the “prevention, investigation or prosecution of crime”, as well as on its approach to cyber security training.
A Hackney Council spokesperson told The Hackney Citizen: “We are sorry for the impact that this serious criminal attack has had on our residents. Council staff have done everything possible to minimise impacts and return services to normal as quickly as possible. We are extremely grateful for their tireless efforts and to our residents for their continued patience.”
Read more about the ransomware attack against Hackney
- Council reveals more insight into how the Pysa ransomware gang infiltrated its systems by exploiting legacy technology.
- Council data stolen in October is leaked online in a double extortion attack.
- Suppliers are being invited to tender for enhanced cyber security capabilities at ransomware victim Hackney Council.
- A month after a highly disruptive cyber attack on its systems, Hackney Council is still struggling to get back up and running.
- Hackney Council services offline after ‘serious’ cyber attack.
- Inability to make housing benefit payments is likely to sting some tenants as Hackney cyber attack drags on.
Matt Aldridge, principal solutions consultant at OpenText Security Solutions, said: “Seeing the huge costs of Hackney Council’s breach in 2020 is a stark reminder of the financial cost of data breaches when organisations fall foul to ransomware.
“But the impact of the breach went far beyond the monetary costs of recovery – the hack caused severe delays across a range of important services including benefit claims, Covid support grants, council tax rebates and more – long after the initial breach.”
Aldridge highlighted the importance of appropriate and, critically, ongoing security training for staff to mitigate the risk of future attacks and build cyber resilience.
“By participating in security awareness training, staff can learn to report possible security threats, follow pertinent IT policies and adhere to any applicable data privacy and compliance regulations,” he said.
“Taking the opportunity to rehearse different types of breach response and recovery scenarios is also key, particularly for large or complex organisations where critical processes may need to be operated under extremely adverse conditions.
“As the public sector continues to be a target given the nature of the data they handle, IT admins need to make sure to put the appropriate processes and technology in place to protect themselves against threats, including ensuring that their backup and recovery processes cannot be interfered with during an attack,” said Aldridge.